Local network ceases to work when VoIP interface is enabled

Started by chocointed, December 15, 2023, 04:52:18 AM

Still a learning user for OPNSense here, so bear with me.

Currently I have a VM running OPNSense that's running on my server to control my home network.

And with that I have a BCM57810S SFP+ card passed through running an ONU SFP stick with a 10GBase-T transceiver to serve as an uplink to my 10GBe switch.

Currently the ONU SFP stick is running in transparent mode to pass through all the VLANs from my provider as upstream to OPNSense, and in OPNSense I have three VLANs set up at the moment: VLAN400 (VoIP), VLAN500 (PPPoE Dialup) and VLAN600 (IPTV).

VLAN500 is quite straightforward with pppoe/bridge-to-bridge interface, nothing's wrong there. However, when I enable my VoIP VLAN and the bridge that bridges VLAN400 with igb2 (Dedicated interface to run VoIP) in DHCP mode, I lose all local internet connectivity. Same with my IPTV VLAN.

My VoIP DHCP address assigned from my ISP side is 10.x.x.x, basically RFC1918. I tried turning on "This interface does not require an intermediate system to act as a gateway" for both VLAN and Bridge interfaces and still nothing. I enable the interface, enable DHCP and I lose all connection; I can't even do a speedtest-cli in ssh.

Are there any settings that I can turn on/off to make sure that turning on the VoIP interface does not screw my local network?

P/S: As far as I can tell, it only affects local network connectivity. Even when the local network doesn't function, I was still able to access my port forwarded NAS from a remote connection.

Would appreciate any advice from the novice and veteran OPNSense users here :D
If screenshots are needed, I will be more than happy to provide any screenshots needed to help with diagnostics.

Hi!
Your situation is really tricky, especially if you are just starting out with OPNsense and already have such a complex setup with VLANs, bridges and 10G. Kudos for the setup - it looks pretty advanced.

Basically, your issue is most likely related to how bridging works in OPNsense. When you enable an interface with DHCP from your ISP (for example for VoIP or IPTV), OPNsense might start treating that interface as a default route, especially if it gets an IP address in the RFC1918 range. This can confuse your LAN.

Here are a few things you can try:

Don't assign an IP address to the bridge. Just create a bridge between the interfaces you want and don't enable DHCP or static on it, especially if you are not sure how OPNsense will route it.

Check the route table to make sure that after enabling the VoIP interface, the default route is not going through it. You can check this in System > Routes > Status.

Firewall rules: make sure that all the interfaces involved have rules allowing the traffic you want (especially "allow all" for the duration of the test).

Don't enable "This interface does not require a gateway" unless you are sure. It can help, but it can also break routes if not applied correctly.

Check "System > Settings > General" to see what the default gateway is and if it is not switched when VoIP is enabled.

You can also use Packet Capture on the interfaces you want to check to see what happens to the traffic when the network "goes down".

If you have screenshots, I'd be happy to see them. Good luck with the setup!
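
The route-table check suggested in the reply above, as an added example that is not part of either post: it parses `netstat -rn -f inet` text in the FreeBSD layout and reports which interface the default route and a given destination would use. The routing table, the interface names (`bridge0`, `igb1`, `pppoe0`) and all addresses are constructed sample values, not taken from the poster's system.

```python
import ipaddress

# Constructed sample of `netstat -rn -f inet` output (FreeBSD layout) after a
# VoIP bridge took a DHCP lease. Interface names and addresses are made up.
SAMPLE = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.64.0.1          UGS     bridge0
10.64.0.0/16       link#9             U       bridge0
10.64.12.34        link#9             UHS         lo0
192.168.1.0/24     link#2             U          igb1
192.168.1.1        link#2             UHS         lo0
203.0.113.1        link#10            UH       pppoe0
"""

def parse_routes(text):
    """Return [(network, gateway, netif)] parsed from netstat -rn text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank lines and section titles
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)  # bare IP -> /32
        except ValueError:
            continue  # column header or a destination we cannot parse
        routes.append((net, fields[1], fields[3]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the route the kernel would pick for dst."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if r[0].version == ip.version and ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def audit(routes, wan_if):
    """Flag every default route that does not leave through wan_if."""
    return [f"default route via {gw} on {netif}, expected {wan_if}"
            for net, gw, netif in routes
            if net.prefixlen == 0 and netif != wan_if]

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print(audit(table, "pppoe0"))
    for dst in ("198.51.100.7", "192.168.1.50"):  # Internet host, LAN host
        print(dst, "->", lookup(table, dst)[2])
```

Running it against output captured before and after enabling the VoIP interface shows whether the default route moved.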